CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Pheap: >> Pheap >> 2.0 Security Vulnerabilities

CVE-2007-2985

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.

CVSS Score

10.0

EPSS Score

0.032

Published

2007-06-01

Page 1

Vulnerabilities

Vulnerable Software

Pheap: >> Pheap >> 2.0 Security Vulnerabilities

Products

Pricing

Contact Us